Amendment to the Claims:

This listing of claims replaces all prior versions, and listings, of claims in the application:

1. (Currently Amended) A method comprising:

determining a private network address for a user in connection with the user accessing a network resource on a network;

determining an application layer access control list entry for the user based on an access control policy;

generating a network layer access control list entry for the user based on the determined private network address;

sending the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering [[from a first computer to a second computer on the network that includes the user and the network resource]];

sending the generated network layer access control list entry to nodes on the network that support network layer packet filtering;

translating a public network address to the private network address for the user accessing the network resource [[after the access control list entry is sent]]; and

allowing or blocking the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry.

2-3. (Canceled). 

4. (Currently Amended) The method of claim 1 [[3]], wherein the generated network layer access control list entry comprises [[a network level access control list including]] at least one of a destination address, a protocol layer designation, a source port, a destination port, the determined private network address, and an indication of allowed or denied access to the network resource.

5. (Canceled).

6. (Currently Amended) The method of claim 1, wherein determining the private network address comprises allocating a network address based on a dynamic host configuration protocol (DHCP).

7. (Canceled).

8. (Currently Amended) The method of claim 1, wherein [[the second computer comprises a server computer associated with the network resource, wherein]] determining an application layer access control list entry further comprises retrieving an application layer access control list entry stored in a database, and

wherein a server computer on the network that does not support network layer packet filtering uses an application layer protocol based on an open system interconnection (OSI) model.

9. (Currently Amended) The method of claim 1 further comprising storing the access control policy on a storage medium connected to a [[the]] first computer in the network, the access control policy including defined roles for each user allowed to access a resource in the network.

10. (Currently Amended) The method of claim 1, further comprising:

releasing the private network address following completion of the access to the network resource.

11. (Currently Amended) The method of claim 10, further comprising:

de-installing the [[a]] network layer access control entry following completion of the access to the network resource.

12. (Currently Amended) An article comprising a machine-readable medium that stores machine-executable instructions, the instructions causing a machine to:

determine a private network address for a user in connection with the user accessing a network resource on a network;

determine an application layer access control list entry for the user based on an access control policy;

generate a network layer access control list entry for the user based on the determined private network address;

send the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering [[from a first computer to a second computer on the network including the user and the network resource]];

send the generated network layer access control list entry to nodes on the network that support network layer packet filtering;

translate a public network address to the private network address for the user accessing the network resource; and

allow or block the user access to the network resource based on at least one of the application layer access control list entry and the network control access list entry [[after the access control list entry is sent]].

13-14. (Canceled).

15. (Currently Amended) The article of claim 12, wherein the generated network layer access control list entry comprises [[a network level access control list including]] at least one of a destination address, a protocol layer designation, a source port, a destination port, the determined private network address, and an indication of allowed or denied access to the network resource.

16. (Canceled).

17. (Currently Amended) The article of claim 12, wherein determining the private network address comprises allocating a network address based on a dynamic host configuration protocol (DHCP).

18. (Canceled).

19. (Currently Amended) The article of claim 12, wherein [[the second computer comprises a server computer associated with the network resource, wherein]] determining an application layer access control list entry further comprises retrieving an application layer access control list entry stored in a database, and

wherein a [[the]] server computer on the network that does not support network layer packet filtering uses an application layer protocol based on an open system interconnection (OSI) model.

20. (Currently Amended) The article of claim 12, further comprising storing the access control policy on a storage medium connected to a [[the]] first computer in the network, the access control policy including defined roles for each user allowed to access a resource in the network.

21. (Currently Amended) The article of claim 12, further comprising:

releasing the private network address following completion of the access to the network resource.

22. (Currently Amended) The article of claim 21, further comprising:

de-installing the [[a]] network layer access control entry following completion of the access to the network resource.

23. (Currently Amended) An apparatus comprising:

a first memory that stores executable instructions;

a first processor that executes the instructions from the first memory to:

determine a private network address for a user in connection with the user accessing a network resource on a network;

determine an application layer access control list entry for the user based on an access control policy;

generate a network layer access control list entry for the user based on the determined private network address;

send the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering [[a second processor on the network including the user and the network resource]];

send the generated network layer access control list entry to nodes on the network that support network layer packet filtering;

translate a public network address to the private network address for the user accessing the network resource; and

allow or block the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry [[after the access control list entry is sent]].

24-25. (Canceled).

26. (Currently Amended) The apparatus of claim 23, wherein the generated network layer access control list entry comprises [[a network level access control list entry including]] at least one of a destination address, a protocol layer designation, a source port, a destination port, the determined private network address, and an indication of allowed or denied access to the network resource.

27. (Currently Amended) The apparatus of claim 23, wherein determining the private network address comprises assigning a network address based on a dynamic host configuration protocol (DHCP).

28-29. (Canceled).

30. (Currently Amended) The apparatus of claim 24d, wherein the nodes on the network that support network layer packet filtering [[network layer device]] executes instructions to block or allow access to the network resource based on the network layer access control list entry.
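
The flow recited in claims 1, 10 and 11, sketched as an added Python example that is not part of the filing or of any implementation by the applicant. All class names, addresses, roles and the policy layout are hypothetical, and a simple address pool stands in for a DHCP lease.

```python
# Added illustration; every name and value below is hypothetical.
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_network

AppAclEntry = namedtuple("AppAclEntry", "user resource allow")
NetAclEntry = namedtuple("NetAclEntry", "src dst proto dst_port allow")

@dataclass
class Node:
    name: str
    packet_filtering: bool          # True if the node filters at the network layer
    acl: list = field(default_factory=list)

class PolicyServer:
    def __init__(self, roles, policy, resources, pool, nodes):
        self.roles, self.policy, self.resources = roles, policy, resources
        self.nodes, self.nat, self.sessions = nodes, {}, {}
        self.free = [str(a) for a in ip_network(pool).hosts()]

    def open_session(self, user, public_addr, resource):
        private = self.free.pop(0)                   # stand-in for a DHCP lease
        # Role-based policy lookup; a user with no matching role is denied.
        allow = resource in self.policy.get(self.roles.get(user), set())
        app = AppAclEntry(user, resource, allow)
        net = NetAclEntry(private, *self.resources[resource], allow)
        for node in self.nodes:                      # each node gets the entry it can enforce
            node.acl.append(net if node.packet_filtering else app)
        self.nat[public_addr] = private              # public-to-private translation
        self.sessions[(user, resource)] = (public_addr, app, net)
        return private

    def close_session(self, user, resource):
        public_addr, app, net = self.sessions.pop((user, resource))
        for node in self.nodes:                      # de-install the installed entries
            node.acl.remove(net if node.packet_filtering else app)
        self.free.append(self.nat.pop(public_addr))  # release the private address

def demo():
    # Constructed sample: one filtering router, one server without packet filtering.
    router, web = Node("router", True), Node("web-server", False)
    ps = PolicyServer({"alice": "hr"}, {"hr": {"payroll"}},
                      {"payroll": ("10.0.1.20", "tcp", 443)}, "10.0.0.0/29", [router, web])
    private = ps.open_session("alice", "198.51.100.7", "payroll")
    during = (router.acl[0], web.acl[0])
    ps.close_session("alice", "payroll")
    return private, during, router.acl, web.acl, ps.free

if __name__ == "__main__":
    print(demo())
```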